11:28 a.m.
Hello Marc,
the following infinispan unicast configuration is working well for us at
the moment with Keycloak 2.5.5.Final in Docker:
echo SETUP: Configure JGroups clustering with TCP-Unicast
# Add the participating host entries for initial discovery in the form
"host[port]" - quotes are required, e.g. "host1[7800],host2[4711]".
Default
port is 7800.
echo SETUP: Configure JGroups and Infinispan to use TCP-Unicast instead of
UDP-Multicast
/subsystem=jgroups/stack=unicast-tcp:add(transport={type=>TCP,socket-binding=>jgroups-tcp},
protocols=[])
/subsystem=jgroups/stack=unicast-tcp/transport=TCP/property=bind_port/:add(value=${env.JGROUPS_PORT:7800})
/subsystem=jgroups/stack=unicast-tcp/transport=TCP/property=external_addr/:add(value=${env.JGROUPS_EXTERNAL_IP:127.0.0.1})
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=TCPPING)
/subsystem=jgroups/stack=unicast-tcp/protocol=TCPPING/property=initial_hosts/:add(value="${env.JGROUPS_REMOTE_HOSTS:localhost[7800]}")
/subsystem=jgroups/stack=unicast-tcp/protocol=TCPPING/property=port_range/:add(value=0)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=MERGE3)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=FD_SOCK)
/subsystem=jgroups/stack=unicast-tcp/protocol=FD_SOCK:write-attribute(name=socket-binding,value=jgroups-tcp-fd)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=FD_ALL)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=VERIFY_SUSPECT)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=pbcast.NAKACK2)
/subsystem=jgroups/stack=unicast-tcp/protocol=pbcast.NAKACK2/property=use_mcast_xmit/:add(value=false)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=UNICAST3)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=pbcast.STABLE)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=pbcast.GMS)
/subsystem=jgroups/stack=unicast-tcp/protocol=pbcast.GMS/property=print_physical_addrs/:add(value=true)
/subsystem=jgroups/stack=unicast-tcp/protocol=pbcast.GMS/property=print_local_addr/:add(value=true)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=UFC)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=MFC)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=FRAG2)
/subsystem=jgroups/stack=unicast-tcp/:add-protocol(type=RSVP)
echo SETUP: Activate JGroups stack unicast-tcp
/subsystem=jgroups/:write-attribute(name=default-stack,value=unicast-tcp)
/subsystem=jgroups/channel=ee/:write-attribute(name=stack,value=unicast-tcp)
echo SETUP: Configure jgroups-tcp socket binding to use public interface
/socket-binding-group=standard-sockets/socket-binding=jgroups-tcp/:write-attribute(name=interface,value=public)
echo SETUP: Configure replication for Keycloak caches
/subsystem=infinispan/cache-container=keycloak/distributed-cache=sessions:write-attribute(name=owners,
value=2)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=offlineSessions:write-attribute(name=owners,
value=2)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=loginFailures:write-attribute(name=owners,
value=2)
/subsystem=infinispan/cache-container=keycloak/distributed-cache=authorization:write-attribute(name=owners,
value=2)
Cheers,
Thomas
2017-06-21 17:28 GMT+02:00 Marc Tempelmeier <marc.tempelmeier(a)flane.de>:
Hi,
thanks, we went with docker swarm, where we have other services already.
So I want to try to get the unicast working.
I´ll take a look at JDBC_PING though.
-----Ursprüngliche Nachricht-----
Von: Schuster Sebastian (INST/ESY1) [mailto:Sebastian.Schuster@
bosch-si.com]
Gesendet: Wednesday, June 21, 2017 4:31 PM
An: Marc Tempelmeier <marc.tempelmeier(a)flane.de>;
keycloak-user(a)lists.jboss.org
Betreff: RE: Unicast
Hi Marc,
I don't have production experience with it yet, but you can setup JGroups
discovery to use the DB (JDBC_PING) instead of multicast.
You can see how this works on Kubernetes and MySQL for example at
https://github.com/Reposoft/keycloak-ha-kubernetes/tree/
keycloak3-ha-mysql/server-ha-mysql. Using Minikube (https://github.com/
kubernetes/minikube) you will have a Keycloak cluster running in no time
(if you don’t try to mount persistent volumes for the DB from the host as I
did :)
Best regards,
Sebastian
Mit freundlichen Grüßen / Best regards
Sebastian Schuster
Engineering and Support (INST/ESY1)
Bosch Software Innovations GmbH | Schöneberger Ufer 89-91 | 10785 Berlin |
GERMANY | www.bosch-si.com Tel. +49 30 726112-485 | Fax +49 30 726112-100
| Sebastian.Schuster(a)bosch-si.com
Sitz: Berlin, Registergericht: Amtsgericht Charlottenburg; HRB 148411 B
Geschäftsführung: Dr.-Ing. Rainer Kallenbach, Michael Hahn
> -----Original Message-----
> From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-
> bounces(a)lists.jboss.org] On Behalf Of Marc Tempelmeier
> Sent: Mittwoch, 21. Juni 2017 15:36
> To: keycloak-user(a)lists.jboss.org
> Subject: [keycloak-user] Unicast
>
> Hi,
>
> does someone here use unicast instead of multicast to form a cluster?
>
> If yes, I would be interested in the config :)
>
> Best regards
>
> Marc
> _______________________________________________
> keycloak-user mailing list
> keycloak-user(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-user
_______________________________________________
keycloak-user mailing list
keycloak-user(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-user